Before we can begin any communication on top of our ZeroMQ network we need to
accept encryption keys. The underlying ZeroMQ network is not encrypted, but
SaltStack adds a layer of AES public key encryption to all communications. This
adds very little overhead while ensuring that all communications are securely
encrypted between all hosts. Before these encryption keys are accepted on the
master, no communication will take place.

The Salt Master provides a utility called salt-key to allow you to manage
these encryption keys. Each minion will automatically generate their respective
keys and submit them to the master for acceptance. There are a number of ways
to manage keys at scale, but here we’ll just look at the basic options of the
salt-key utility.

salt-key executes simple management of Salt public keys used for
authentication and encryption.

The args pre, un, and unaccepted will list unaccepted/unsigned
keys. The args acc or accepted will list accepted/signed keys. The
args rej or rejected will list rejected keys. Finally, all will
list all keys.